github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-05-23 23:31:18 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

FEATURE: per client user tokens

Browse Source 
Revamped system for managing authentication tokens.

- Every user has 1 token per client (web browser)
- Tokens are rotated every 10 minutes

New system migrates the old tokens to "legacy" tokens,
so users still remain logged on.

Also introduces weekly job to expire old auth tokens.
This commit is contained in:
Sam
2017-01-31 17:21:37 -05:00
parent 2dec731da3
commit ff49f72ad9
19 changed files with 495 additions and 106 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
spec/components/current_user_spec.rb
View File

@ -3,10 +3,10 @@ require_dependency 'current_user'
describe CurrentUser do
it "allows us to lookup a user from our environment" do
user = Fabricate(:user, auth_token: EmailToken.generate_token, active: true)
EmailToken.confirm(user.auth_token)
user = Fabricate(:user, active: true)
token = UserAuthToken.generate!(user_id: user.id)
env = Rack::MockRequest.env_for("/test", "HTTP_COOKIE" => "_t=#{user.auth_token};")
env = Rack::MockRequest.env_for("/test", "HTTP_COOKIE" => "_t=#{token.unhashed_auth_token};")
expect(CurrentUser.lookup_from_env(env)).to eq(user)
end